S4E

Mysql Empty Password Scanner

If your MySQL server permits connection without a password, it is better to find this before people with malicious intentions.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

5 second

Time Interval

5 day

Scan only one

Domain, Ipv4

Toolbox

-
Mysql Empty Password Scanner

What is Mysql ?

MySQL is an open-source, relational database management system.

You can connect with MySQL server with MySQL clients with graphical interface (ex. MySQL Workbench, Navicat, HeidiSQL, DBeaver, Adminer, Phpmyadmin etc.) or from the command line (ex. bash, iterm, powershell).


What is Mysql Empty Password Vulnerability ?

In some cases, root or anonymous user can be set without a password and MYSQL service might be opened to the internet. In this case, people with malicious intention might connect to the database to access various data.


How To Check Mysql Empty Password Vulnerability ?

You can easily do this with our free and online MySQL Empty Password Vulnerability scanner tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script mysql-empty-password -p 3306 Target_Host command on nmap tool which can be installed to all operating systems.

Also, you can use mysql_login auxiliary module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your MySQL server is impacted from this vulnerability, you will have a result similar to the following:

	mysql -h 172.19.0.100 -u root -p
 	Enter password:  // leave it blank
 	Welcome to the MySQL monitor.  Commands end with ; or \g.
 	Your MySQL connection id is 9
 	Server version: 5.7.29-0ubuntu0.18.04.1 (Ubuntu)
 	Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
 	Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 	mysql>
Get started to protecting your Free Full Security Scan